Extreme Networks

Article ID: 5298

Related to
MIBs
MAU-MIB

Goals
Enable user ports
Disable user ports
Disable backplane ports
Change port speed
Change port duplex mode
Hard-set port speed and duplex
Auto-negotiate speed and duplex

Solution

Disabling a port

Switch ports are typically enabled by default, and cannot be readily disabled.

The first option is disabling the Port or Spanning Tree status in either local/Telnet management or higher-level GUI tool (such as the NetSight products). Such a step generally manipulates only the dot1dStpPortEnable MIB, which, when disabled, disables Spanning Tree on that port while also preventing trafic from being transmitted - but not preventing it from being received.
Note: NetSight Atlas (vs Element Manager) products toggle ifAdminStatus as expected, when the Port status is disabled/enabled in the GUI - making the remainder of this document unnecessary for Atlas users.

The simplest way to effectively stop all switched traffic on a port without resorting to MIB manipulation, is to administer all of the following 802.1Q VLAN configuration changes on the port:

1. ensure that it is not an "802.1Q-Trunk" mode port (disabled by default, applicable to only SmartSwitch 2000/6000 and Vertical Horizon);
2. enable Ingress Filtering (aka "Filter using VLAN List", generally disabled by default);
3. disable GVRP (generally enabled by default);
4. disable Dynamic VLAN Egress (generally disabled by default);
5. remove all static VLAN egresses (generally VLAN 1 by default).

Caution: Since 802.1D/W Spanning Tree operation is unaffected by VLAN manipulations, this will still appear to be a viable path to STP. If a true network path is inappropriately STP-blocking in favor of this one, disable STP on this port as well - Combine the first two suggestions.

Miscellaneous Port MIB manipulations

Moving on to MIB possibilities, a port may be fully disabled by setting its ifAdminStatus MIB to a value of "2".

Most of our older products (SmartSwitch 9000, SmartSwitch 2000, SmartSwitch 6000/Matrix E7) use MIBs

• ifAdminStatus, to administratively enable/disable a port;
• dot1dStpPortEnable, to STP/traffic enable/disable a port;
• ctAutoNegAdminStatus, to enable/disable auto-neg;
• ctAutoNegAdvertisedTechnologyAbility, to control auto-neg advertisements;
• ctEtherSpeedAdminStatus, to set a port's default speed;
• ctEtherDuplexAdminStatus, to set a port's default duplex.

Our newer products (Vertical Horizon, Matrix DFE/E1/V2/C1/C2) use MIBs

• ifAdminStatus, to administratively enable/disable a port;
• dot1dStpPortEnable, to STP/traffic enable/disable a port;
• ifMauAutoNegAdminStatus, to enable/disable auto-neg;
• ifMauAutoNegCapAdvertisedBits, to control auto-neg advertisements;
• ifMauDefaultType, to set a port's default speed/duplex.

Further detail, for the MIBs discussed:

ifAdminStatus=1.3.6.1.2.1.2.2.1.7
(1=enable, 2=disable)

dot1dStpPortEnable=1.3.6.1.2.1.17.2.15.1.4
(1=enable, 2=disable)

ifMauDefaultType=1.3.6.1.2.1.26.2.1.1.11
(=one of dot3MauType entry OIDs)

dot3MauType=1.3.6.1.2.1.26.4
dot3MauTypeAUI=1.3.6.1.2.1.26.4.1
. . .
dot3MauType1000BaseTFD=1.3.6.1.2.1.26.4.30

ifMauAutoNegAdminStatus=1.3.6.1.2.1.26.5.1.1.1
(1=enable, 2=disable)

ifMauAutoNegCapAdvertisedBits=1.3.6.1.2.1.26.5.1.1.10.11013.1
(value based on bit manipulation)

ctAutoNegAdminStatus=1.3.6.1.4.1.52.4.1.2.4.2.1.1.1.1
(1=enable, 2=disable)

ctAutoNegAdvertisedTechnologyAbility=1.3.6.1.4.1.52.4.1.2.4.2.1.1.1.5
(value based on bit manipulation)

ctEtherSpeedAdminStatus=1.3.6.1.4.1.52.4.1.2.4.2.3.1.1.2
(ex: 2=10Mb, 3=100Mb, 4=1000Mb)
ctEtherDuplexAdminStatus=1.3.6.1.4.1.52.4.1.2.4.2.3.1.1.5
(2=HalfDuplex, 3=FullDuplex)
For any device, the MIB ifDescr=1.3.6.1.2.1.2.2.1.2 can be used to help ensure that the port being modified is the proper port instance.

See also: 5277 and 14477.